This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at https://www.nytimes.com/2017/06/27/technology/global-ransomware-hack-what-we-know-and-dont-know.html
The article has changed 7 times. There is an RSS feed of changes available.
| Version 5 | Version 6 |
|---|---|
| Global Ransomware Attack: What We Know and Don’t Know | Global Ransomware Attack: What We Know and Don’t Know |
| (about 5 hours later) | |
| A quickly spreading ransomware attack is hitting countries across the world including France, Russia, Spain, Ukraine and the United States, just weeks after a ransomware attack known as WannaCry. | A quickly spreading ransomware attack is hitting countries across the world including France, Russia, Spain, Ukraine and the United States, just weeks after a ransomware attack known as WannaCry. |
| WHERE IT STARTED Microsoft said the attack had originated in Ukraine, where hackers first targeted M.E.Doc, a tax-accounting software company, and the ransomware soon spread to at least 64 countries. ESET, a Slovakia-based cybersecurity company, also said the first known infection was through M.E.Doc. (See below for an explanation of what ransomware is.) | WHERE IT STARTED Microsoft said the attack had originated in Ukraine, where hackers first targeted M.E.Doc, a tax-accounting software company, and the ransomware soon spread to at least 64 countries. ESET, a Slovakia-based cybersecurity company, also said the first known infection was through M.E.Doc. (See below for an explanation of what ransomware is.) |
| M.E.Doc denied that it was patient zero in a Facebook post, though an earlier message confirmed that its systems had been compromised. | M.E.Doc denied that it was patient zero in a Facebook post, though an earlier message confirmed that its systems had been compromised. |
| HOW WIDESPREAD IT HAS BECOME More than 12,500 machines running older versions of Microsoft Windows were targeted in Ukraine, according to Microsoft, though the attack quickly spread to 64 countries. | HOW WIDESPREAD IT HAS BECOME More than 12,500 machines running older versions of Microsoft Windows were targeted in Ukraine, according to Microsoft, though the attack quickly spread to 64 countries. |
| Several private companies have confirmed that they were struck by the attack, including: | Several private companies have confirmed that they were struck by the attack, including: |
| Trading of FedEx’s shares were briefly halted on Wednesday after the company said that the global operations of a subsidiary, TNT Express, had also been impacted. | |
| WHAT THE RANSOMWARE IS Cybersecurity researchers first called the new ransomware attack Petya, as it was similar to a ransomware strain known by that name that was first reported by Kasperksy in March 2016. But Kaspersky later said that its investigation into the new attack found that it was a type of ransomware that had never been seen before. | WHAT THE RANSOMWARE IS Cybersecurity researchers first called the new ransomware attack Petya, as it was similar to a ransomware strain known by that name that was first reported by Kasperksy in March 2016. But Kaspersky later said that its investigation into the new attack found that it was a type of ransomware that had never been seen before. |
| Photographs and videos of computers affected by the attack showed a message of red text on a black screen: “Oops, your important files have been encrypted. If you see this text then your files are no longer accessible because they have been encrypted. Perhaps you are busy looking to recover your files but don’t waste your time.” | Photographs and videos of computers affected by the attack showed a message of red text on a black screen: “Oops, your important files have been encrypted. If you see this text then your files are no longer accessible because they have been encrypted. Perhaps you are busy looking to recover your files but don’t waste your time.” |
| Symantec, a Silicon Valley cybersecurity firm, confirmed that the ransomware was infecting computers through at least one exploit, or vulnerability to computer systems, known as Eternal Blue. The exploit was leaked online last April by a mysterious group of hackers known as the Shadow Brokers, who have previously released hacking tools used by the National Security Agency. That vulnerability was used in May to spread the WannaCry ransomware, which affected hundreds of thousands of computers in more than 150 countries. | Symantec, a Silicon Valley cybersecurity firm, confirmed that the ransomware was infecting computers through at least one exploit, or vulnerability to computer systems, known as Eternal Blue. The exploit was leaked online last April by a mysterious group of hackers known as the Shadow Brokers, who have previously released hacking tools used by the National Security Agency. That vulnerability was used in May to spread the WannaCry ransomware, which affected hundreds of thousands of computers in more than 150 countries. |
| PEOPLE ARE PAYING Cybersecurity researchers identified a Bitcoin address to which the attackers are demanding a payment of $300 from their victims. At least some appear to have paid the ransom (As of Wednesday morning, the address had logged 45 transactions), even though the email address used by the attackers was shut down. That removes the possibility that the attackers could restore a victim’s access to their computer networks, even once ransom is paid. | PEOPLE ARE PAYING Cybersecurity researchers identified a Bitcoin address to which the attackers are demanding a payment of $300 from their victims. At least some appear to have paid the ransom (As of Wednesday morning, the address had logged 45 transactions), even though the email address used by the attackers was shut down. That removes the possibility that the attackers could restore a victim’s access to their computer networks, even once ransom is paid. |
| WHO IS BEHIND THE ATTACK While the intended target is believed to be inside Ukraine, security researchers and law enforcement have yet to determine who the hackers are. The original Petya ransomware was developed and used by cybercriminals, and variations have been sold through dark web trading sites, which are accessible only by using browsers that mask a user’s identity, making it difficult for cybersecurity researchers to track. | WHO IS BEHIND THE ATTACK While the intended target is believed to be inside Ukraine, security researchers and law enforcement have yet to determine who the hackers are. The original Petya ransomware was developed and used by cybercriminals, and variations have been sold through dark web trading sites, which are accessible only by using browsers that mask a user’s identity, making it difficult for cybersecurity researchers to track. |
| WHETHER THERE WILL BE MORE COLLATERAL DAMAGE Ukraine and Russia are most affected, and despite some reports across Asia, the region has mostly sidestepped the widespread problems felt in Europe and the United States. Researchers from Symantec believe that several dozen organizations have been affected in the United States alone. | WHETHER THERE WILL BE MORE COLLATERAL DAMAGE Ukraine and Russia are most affected, and despite some reports across Asia, the region has mostly sidestepped the widespread problems felt in Europe and the United States. Researchers from Symantec believe that several dozen organizations have been affected in the United States alone. |
| Cybersecurity experts say that like WannaCry, the ransomware infects computers using vulnerabilities in the central nerve of a computer, called a kernel, making it difficult for antivirus firms to detect. It also has the ability to take advantage of a single unpatched computer on a network to infect computers across a vast network, meaning that even systems that were updated after WannaCry could potentially become vulnerable again. | Cybersecurity experts say that like WannaCry, the ransomware infects computers using vulnerabilities in the central nerve of a computer, called a kernel, making it difficult for antivirus firms to detect. It also has the ability to take advantage of a single unpatched computer on a network to infect computers across a vast network, meaning that even systems that were updated after WannaCry could potentially become vulnerable again. |
| • Ransomware is one of the most popular forms of online attack today. It typically begins with attackers sending their victims an email that includes a link or a file that appears innocuous but contains dangerous malware. | • Ransomware is one of the most popular forms of online attack today. It typically begins with attackers sending their victims an email that includes a link or a file that appears innocuous but contains dangerous malware. |
| • Once a victim clicks on the link or opens the attachment, the computer becomes infected. The program encrypts the computer, essentially locking the user out of files, folders and drives on that computer. In some cases, the entire network the computer is connected to can become infected. | • Once a victim clicks on the link or opens the attachment, the computer becomes infected. The program encrypts the computer, essentially locking the user out of files, folders and drives on that computer. In some cases, the entire network the computer is connected to can become infected. |
| • The victim then receives a message demanding payment in exchange for attackers unlocking the system. The payment is usually requested in Bitcoin, a form of digital currency. | • The victim then receives a message demanding payment in exchange for attackers unlocking the system. The payment is usually requested in Bitcoin, a form of digital currency. |